Firewall blocking FTP server on Windows 2008 R2

firewall ftp iis

I can access the FTP site without problems from the local machine, but it times out from the remote machine.

If I turn the firewall off COMPLETELY, it works. Obviously, this isn't really a satisfactory solution.

I've attempted to follow these steps, but to now avail.

On my remote machine I am using Filezilla as the FTP client. Below is the output it gives me as I attempt to access the site. As you can see, it manages to connect and authenticate, but the attempt to list the directory times out.

Can somebody tell me where I should look next?

Status: Connecting to 192.168.15.12:21...
Status: Connection established, waiting for welcome message...
Response:   220 Microsoft FTP Service
Command:    USER CMSDEVELOPMENT\CMSdev
Response:   331 Password required for CMSDEVELOPMENT\CMSdev.
Command:    PASS ******
Response:   230-Directory has 71,805,415,424 bytes of disk space available.
Response:   230 User logged in.
Command:    OPTS UTF8 ON
Response:   200 OPTS UTF8 command successful - UTF8 encoding now ON.
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is current directory.
Command:    TYPE I
Response:   200 Type set to I.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,15,12,192,160).
Command:    LIST
Response:   150 Opening BINARY mode data connection.
Error:  Connection timed out
Error:  Failed to retrieve directory listing

Looking at the firewall logs, I see these entries:

2012-04-23 14:44:54 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 52 S 650301735 0 65535 - - - RECEIVE
2012-04-23 14:44:57 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 52 S 650301735 0 65535 - - - RECEIVE
2012-04-23 14:45:03 DROP TCP 192.168.15.90 192.168.15.12 55743 49342 48 S 650301735 0 65535 - - - RECEIVE

Solution 1:

I finally got it to work, but there's some things I've learnt:

  • IIS will let you configure the ports that the FTP server will use for passive mode. But, for me, this did NOT take affect until I restarted the service named "Microsoft FTP Service"

  • When I looked at the inbound firewall rules, I saw three preconfigured rules:

    • FTP Server (FTP Traffic-In)
    • FTP Server Passive (FTP Passive Traffic-in)
    • FTP Server Secure (FTP SSL Traffic In)

These rules looked like just what I needed. But for some reason, they didn't actually do anything. When I created my OWN rules specifying exactly the same things, it worked. (Apparently, I'm not the first to encounter this problem, see this posting.)

Later Edit: Reading the comments below, it appears I was mistaken about these rules not working. You just need to enable them and restart the Microsoft FTP Service

Solution 2:

I have the same problem on a fresh install of Server 2012, but had to restart the Windows FireWall service to get it to work.

Solution 3:

You might want to try to disable Disable stateful FTP filtering:

netsh advfirewall set global StatefulFTP disable

and make sure to restart FTP service afterwards

(see also: http://blog.nenoloje.com/2013/01/ftp-service-for-iis-client-connection.html)

Related

Is it possible to detach and reattach a ZFS disk without requiring a full resilver?
What VNC service would you recommend?
Should I build my own or buy a cheap NAS? [closed]
Php.ini disable "Scan this dir for additional .ini files"?
Safe to have /.svn/ folders on live site? (How to remove them but retain svn update capability?)
What virus scanner on a Linux fileserver?
Basic firewall, switch, & router device? [closed]
Setting time zone on linux (ubuntu)
sshd shuts down with "No supported key exchange algorithms" error
Does SELinux make Redhat more secure?
How to determine number of open sockets? VM Resource Issues
After enabling HTTPS on my Apache2 server - I get 404 errors on every request [closed]